In this installment of our 50th Anniversary of Cybersecurity series, we hear from NIST’s Rodney Petersen, Director of the National Initiative for Cybersecurity Education (NICE). In this look back, Rodney offers a brief history of NICE, discusses recent advances in cybersecurity education and workforce development, and shares a few memories from around the community.
In this year-long celebration of cybersecurity at NIST, we at the National Initiative for Cybersecurity Education (NICE) are proud to be the first to take a detailed look at some of the advances that have taken place to address employer needs and equip learners (students, job seekers, and employees) to help minimize the cybersecurity risks to enterprises.
But first, some history. Education and workforce development are among NIST’s more recent cybersecurity-related undertakings. Our roots go back to the Comprehensive National Cybersecurity Initiative (CNCI) in 2008, which called for the development of a better prepared federal cybersecurity workforce. A few years later, Congress enacted the Cybersecurity Enhancement Act of 2014 that authorized the role of NICE to continue coordination of a National Cybersecurity Awareness and Education Program and to facilitate cybersecurity education programs at all levels which is why we introduced the first NICE K12 Cybersecurity Education Conference in 2015.
The driving purpose behind NICE is community building and coordination. We work to promote a partnership among academia, industry, and government to advance an integrated ecosystem of cybersecurity education, training, and workforce development. The foundation was set back in the summer of 2010 during the first NICE Conference on Shaping the Future of Cybersecurity Education at NIST’s headquarters in Gaithersburg, Maryland. Since then, the community has gathered annually at the NICE Conference & Expo at a different location across the country each year. (The annual tradition interrupted only by Hurricane Sandy and COVID-19).
Rick Geritz, CEO of LifeJourney, ran the NICE Conference in the early days and has witnessed cybersecurity’s evolution from an exclusive niche to a broad-based, diverse network. Geritz summed up the community’s progress: “Cybersecurity is now mainstream and NICE made that happen. NICE enabled the cybersecurity market to scale – by standardizing it, communicating it, and inspiring it.”
Working with a multitude of partners throughout the ecosystem, NICE supports many events every year, including workshops, forums, and a monthly webinar series. The annual NICE Conference & Expo, the premier annual event that brings together the NICE community, is now hosted by Florida International University in partnership with New America. The NICE K12 Cybersecurity Education Conference, hosted by our partner iKeepSafe, draws educators and students from around the country. Each fall we sponsor Cybersecurity Career Awareness Week, which we expanded in 2021 to include international partners and last year alone boasted more than 125 training opportunities, 86 webinars, and seven competitions.
We work with government partners on a wide variety of projects, including the National Security Agency’s GenCyber program; the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Education Training and Assistance Program; and the National Science Foundation’s Advanced Technology Education (ATE) and CyberCorps®: Scholarship for Service (SFS) programs. We also partner with the National Centers of Academic Excellence in Cybersecurity (NCAE-C) community in their many efforts to produce high-caliber cybersecurity practitioners. We also host an annual Federal Cybersecurity Workforce Summit and Webinar Series, in partnership with the Office of Personnel Management.
Today, NICE coordinates and convenes an ever-growing network of cybersecurity practitioners, educators, trainers, policymakers, students, and more. The NICE Community Coordinating Council – which launched in the spring of 2015 as the NICE Working Group – boasts more than 2,100 members and seven highly dedicated working groups and communities of interest, all working to expand and enhance the cybersecurity workforce pipeline.
In addition to advancing the cybersecurity ecosystem, NICE has made a lasting mark already in its short history with the creation of the Workforce Framework for Cybersecurity (NICE Framework). This framework, first published in 2012, established a much-needed common lexicon and taxonomy, categorizing and describing cybersecurity work for the purposes of curriculum development, job classification, public policy direction, and much more.
Stephen Miller, director of the Cybersecurity Center of Excellence at Eastern New Mexico University-Ruidoso, recalls an earlier time when educators had to consult other information security sources for material to build on. “When we started the cybersecurity program at ENMU-Ruidoso in 2010, we based our program on the Infosec 4011 and 4016E certifications from the [National Security Agency] and [Department of Homeland Security],” Miller told me. “We used the O'Net Job descriptions [from the Department of Labor]. Our curriculum at the beginning was based on Knowledge Units for Information Systems Security Professionals, NSTISSI No. 4011 and CNSSI No. 4016 Entry Level Risk Analysts job descriptions.”
Simplifying matters greatly, the NICE Framework offers not only a guideline for cybersecurity coursework that lead to credentials but also a means of ensuring that programs are relevant to marketplace demands. “It has helped our institution better align with our industry partners,” Miller said about the Framework. “The students have a concrete understanding of why they are studying a certain learning module or lab and how it applies apply to the NICE Work Role tasks.”
Beginning in 2015, NICE supported the development of CyberSeek.org by CompTIA and Emsi-Burning Glass – an interactive job heats map and career pathways tool aligned to the NICE Framework. The CyberSeek tool has been an invaluable resource for career seekers and policymakers who seek to forecast the cybersecurity workforce needs of the Nation.
Now in its fourth iteration – published in November of 2020 as NIST Special Publication 800-181 Revision 1 – the NICE Framework continues to grow in influence and reach. Last year alone, it was downloaded 70,000 times, and nearly one-third of the downloads were from organizations outside the United States. It has been translated into Spanish and Portuguese, and two more translations are in the works.
As we embark on the next 50 years of cybersecurity progress at NIST, NICE is helping Americans discover multiple pathways to cybersecurity careers, including apprenticeships. We are committed to supporting employers in their efforts to enhance and sustain the cybersecurity workforce. With our expanding network of partners, we will continue to promote a thriving and growing cybersecurity education and workforce ecosystem.